What is a Password Policy and How to Create a Good One?

Normally, a password policy is a set of do's and don'ts that a company's IT experts put together and employees follow when they go about their day online. As boring as it sounds, it's an essential part of the effort to protect valuable corporate data. But what if we told you that a password policy can (and should) exist outside the corporate environment? What if we told you that you can create a list of a few simple rules that will greatly reduce the chances of getting hacked? You can do that, and we'll now give you some ideas of what your own personal password policy should include. Let's start with the obvious.

Don't use simple passwords

Security experts regularly review databases of login credentials that have been leaked during a data breach, and they're often quite shocked at users' attitude towards passwords. "123456" and "password" continue to be among the most common passwords. If you don't know it already, it's high time you realize that if you're using something like this to protect your online accounts, you're basically sending an open invitation to the cybercrooks.

Don't use anything personal as your password

Years ago, it might have been fine to use the name of your significant other or your favorite sporting team as your password. Nowadays, however, when everyone knows what everyone else is having for breakfast (thanks, social media), it really isn't such a great idea to lock your accounts with information that could easily be connected to your personal life.

Don't reuse passwords

After you sign up for a website, the website owner must store your password in order to authenticate you in the future. Different websites store passwords in different ways, and some do it better than others. That's why we see so many data breaches every year. You never know when one of your passwords is going to be breached, and if it's reused across many accounts, it will roll out the red carpet for hackers. And don't think that they won't try it on all the different websites. This type of attack actually has a name. It's called credential stuffing, and the effort required to launch it is minimal. Hackers love minimal effort.

Make your passwords long

Many websites will tell you that your password must include an uppercase letter, a lowercase letter, a digit, and a special character. This means that "j1U#" complies with these requirements. Does that mean that it's strong? No, it's not. It's way too short. Adding special characters, uppercase letters, and digits adds to the complexity of a password, but when it comes to brute-force attacks, length is the best way to slow the hackers down. There is no clear line between short passwords and long ones, but most experts agree that everything below eight characters is simply too weak to be an effective way of keeping an account safe.
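As an added example (not code from Cyclonis or the original post), the following Python checker encodes the four rules above and estimates the brute-force search space of a password, showing why the four-character "j1U#" that satisfies every complexity box still loses badly to a long, all-lowercase passphrase. The common-password set and the personal terms are constructed sample inputs.

```python
import math
import string

# Constructed sample of the leaked-credential favourites the post mentions;
# a real check would use a much larger breach-derived list.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "12345678"}

MIN_LENGTH = 8  # the floor the post cites: anything below is too weak


def keyspace_bits(password: str) -> float:
    """Estimate brute-force search space as log2(alphabet_size ** length).

    The alphabet is the union of character classes actually present, so
    adding a class widens the base while each extra character multiplies it.
    """
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return len(password) * math.log2(size) if size else 0.0


def check_policy(password: str, personal_terms=(), seen=()) -> list:
    """Return the names of the rules the password violates (empty list = passes).

    personal_terms: names, teams, dates the user is known to be associated with.
    seen: passwords already in use on other accounts (reuse check).
    """
    violations = []
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        violations.append("simple")
    if any(term and term.lower() in lowered for term in personal_terms):
        violations.append("personal")
    if password in seen:
        violations.append("reused")
    if len(password) < MIN_LENGTH:
        violations.append("short")
    return violations
```

Running `keyspace_bits("j1U#")` gives roughly 26 bits, while a 25-character lowercase passphrase scores about 117 bits despite using a single character class.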

So, there you have it – four simple rules that should give you enough peace of mind when it comes to your online accounts. Here comes the bad news.

Sticking to those simple rules is too hard for most people. The regular internet user has dozens of accounts nowadays, which means that if they are going to have a good password policy, they need to remember dozens of unique passwords, which is a tall order. If all these unique passwords are composed of long, random-looking strings of characters, things become downright impossible. The human brain just isn't adapted to remembering so much information. Fortunately, Cyclonis Password Manager is.

Instead of trying to memorize all your unique login credentials, you can put them in your personal vault. Cyclonis Password Manager will encrypt them and, if you wish, synchronize them across your devices. You can feel free to forget them. The one password that you do need to remember is your master password which unlocks your vault and lets you use your data.

Having a good password policy is no good if you don't stick to it. With Cyclonis Password Manager, you can do just that.

March 16, 2018

One Comment

  • Marion Freuthal :

    I do not like the fact that downloading a password manager is such a complicated process. It used to be a lot easier. For me it has been frustrating and time consuming.
